Cyber Security coordination in Europe CERT-EU’s perspective


1 Cyber Security coordination in Europe CERT-EU’s perspective
ITU Joint Cyber Drill
Chisinau, 21 November 2017
Georgios PSYKAKOS

2 The Team
CERT for EU Institutions, Bodies and Agencies
2011 Pilot, 2012 Inter-institutional Taskforce established by EC
Defense against targeted cyber threats
Information hub
Knowledge, context and actionable advice
30 cybersecurity professionals, 4 teams

3 NIS Directive
Into force in August 2016
Core security elements:
  Identification of operators of essential services
  National strategy on the security of network and information systems
  National competent authorities and single point of contact
  Computer security incident response teams (CSIRTs)
  Cooperation at national level
  Cooperation Group: Member States, the Commission and ENISA
  CSIRTs network: Member States' CSIRTs and CERT-EU
  Commission as observer
  ENISA provides the secretariat

4 Blueprint
Recommendation on Coordinated Response to Large Scale Cybersecurity Incidents and Crises (COM(2017) 6100).
Core objectives:
  Provide decision makers with a common situational awareness
  Enable effective technical, operational and political cooperation and response
  Provide guidance on how to handle public communications
Blueprint will describe how existing and established Crisis Management principles and mechanisms make full use of existing cyber security entities at the EU level and cooperation mechanisms between the Member States. In doing that it may also provide details of the roles that various actors play under IPCR and/or ARGUS execution.
Blueprint – Principles:
  Proportionality
  Subsidiarity
  Complementarity
  Confidentiality of information

5 Blueprint: Cooperation at all levels
Technical:
  Incident handling during a cybersecurity crisis.
  Monitoring and surveillance of incident including continuous analysis of threats and risk.
Operational:
  Preparing decision-making at the political level.
  Coordinate the management of the cybersecurity crisis (as appropriate).
  Assess the consequences and impact at EU level and propose possible mitigating actions.
Political / Strategic:
  Strategic and political management of both cyber and non-cyber aspects of the crisis.

6 Cooperation
Constituents
Peers
  EU and non-EU (NATO, Eurocontrol)
  CSIRT Network, other groups, bi-lateral
  EC3, ENISA
  Sectorial (EASA)
Partners
  Contractual, experts, vendors
NATO NCIRC TA February 2016

7 Services
  Announcements & advisories
  Alerts & warnings
  Incident response support & coordination
  Cyber threat intelligence
  Incident response & analysis on site
  Artefact analysis & actions
  Development of security tools
  Intrusion detection & log management
  Vulnerability assessment & pen testing
Basic services:
  Announcements and advisories: (medium to long term) intrusion alerts, vulnerability warnings, security advisories
  Alerts and warnings: (immediate) immediate threats, on-going intruder attacks, specific security vulnerabilities, intrusion alerts, targeted malware
  Incident response coordination
  Cyber threat intelligence: actionable info on targeted and other attacks
Extended services:
  Incident response and analysis on site
  Artifact analysis and actions
  Development of security tools: specialised tools to improve detection or remediation (scripts & tools extending existing functionalities, detecting artefacts, cross-correlating logs)
  Intrusion detection and log management services
  Vulnerability assessment and penetration testing examples

8 Sharing
[Diagram: information flows between CERT-EU and Constituents, CERTs (MS), Partners and CERTs (other). Flow labels: TTP, general threats + incident info; alerts + info; significant threats; general and specific threats; incident-specific information for analysis.]
*TTP: Tactics, Techniques, Procedures

9 Sharing policy
General principles
  Consent of provider
  Use of TLP (not mandatory)
Constituents
  Scope: threats, vulnerabilities, incidents, counter-measures: all relevant information
Member State CERTs
  Scope: threats, vulnerabilities, tools, methods, best practices
  Incident information with permission

10 Sharing policy
Third Country CERTs
  Case by case
Partners
  NDA
  General and specific threats, vulnerabilities, counter-measures

11 Example (*fictional)
  _cyber event
  _Social Media
  _N/G CERT notification
  _more notifications
  _Response Shell
  _collab. mode
  _Threat Alert
  _Analysis
  _Mitigation
  _other
  _eob
We have covered: Strategy, Cooperation, Services – Maturity, Sharing, Sharing Policy

12 Take away
Together we are stronger
  Willingness
  Trust
  Common strategy
  Policy
  Procedures
  Tools
Thank you!

